Steven Collison
I think the proposed solutions are pretty non-controversial since multiple other TLS libraries have implemented something similar. I'm more interested in any feedback on the API.
As a TLS client, I think flipping preferences based on platform is a simple first step to implement this. However we should keep in mind that some non-x86 platforms may...
A way of implementing this to get discussion going https://github.com/awslabs/s2n/pull/1650
I think #851 works for this problem (negotiate ChaCha20 with clients that signal lack of AES acceleration) in closed environments where there is full control over client and server. I don't...
Opening this now, but I don't think it's a high priority yet.
Related OpenSSL efforts: https://github.com/openssl/openssl/commit/eef977aa0e6c6614bc99bd8357bc4afba91737f7 https://github.com/openssl/openssl/pull/1888
Example usage:
```
> openssl s_client -connect 127.0.0.1:443
Connecting to 127.0.0.1
....
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH,...
```
From https://github.com/awslabs/s2n/pull/647, one idea I had is to try a full handshake with the certificate. If OpenSSL successfully completes a handshake with the certificate but s2n fails to parse/load/handshake the...
As described above, we'll simply look up the client-provided cert in our watch list. It's not clear how we verify that the client owns the private key associated with the...
It would be cool to have a code example in the s2n repo of how to implement a WATCH-list style scheme for applications that want to do an allowlist-based...